Basic Internet Security

Getting and testing a VPN account

In all the VPN systems, there is one computer set up as a server (in an unrestricted location), where one or more clients connect to. The set up of the server is out of the scope of this manual and the set up of this system is in general covered by your company or VPN provider. This server is one of the two ends of the tunnel. It is that important the company running this server can be trusted and is located in an area you trust. So to run a VPN, an account is needed at such a trusted server.

Please keep in mind that an account can often only be used on one device concurrently. If you want to login on a VPN with both your mobile and laptop, it is very well possible you need two accounts.

An account from your company

A lot of companies are running local VPN servers. It is very well possible you can get an account there easily. Check with your system administrator if this is possible and ask for the technical possibilities.

An account from a free or commercial VPN-provider

If you don't have the possibility to get an account from your company, you can register for an account on the Internet, there are dozens of providers. Although some companies offer free accounts, they seem to be disappearing fast. For a stable account it seems the best to go for a paid option. For a few euro's a month it is possible to get an account. Always choose for a provider that offers a standard protocol like L2TP/IPsec, PPTP or OpenVPN. Explanation of the differences between these standards is up next.

A (semi up-to-date) overview of free en commercial providers can be found at cship.org's wiki (http://en.cship.org/wiki/VPN).

VPN standards

There are a number of different standards for setting up VPN networks, including PPTP, LL2P/IPSec and OpenVPN that vary in terms of complexity, the level of security they provide, and which operating systems they are available for. Naturally, there are also many different implementations of each standard within software that have various other features.

PPTP

PPTP is one of the older VPN technologies. While PPTP is known to use weaker encryption than either L2TP/IPSec or OpenVPN, it may still be useful for bypassing Internet blocking and give some level of encryption. The client software is conveniently built into most versions of Microsoft Windows, Apple, Linux computers and even mobile phones. It is very easy to setup.

L2TP / IPSec

L2TP (in combination with IPSec) is a very well-known VPN solution. A lot of devices support these VPN connections out of the box. This includes all mainstream Operating Systems like Windows, MacOSX and Linux, but also support is standard in both Android and iPhone phones. Unfortunately to set-up a good L2TP/IPSec server is complicated. Because the wide-spread implementations of the (complex) protocol, there are some differences between disparate versions. Therefore, the protocol is not always working flawless, so check if it works. If it is running, this is one of the best and safest options.

OpenVPN

OpenVPN is a well-respected, free, open source VPN solution. It works on most versions of Windows, MacOSX and Linux. OpenVPN is SSL-based, which means it uses the same type of encryption that is used when visiting secure Web sites where the URL starts with https. Despite the open character of the product it is currently not very well supported by mobile phones. Also the configuration of this protocol under Windows en MacOSX requires additional software, while PPTP and L2TP/IPSec are both available by default.

Other

There are dozens of other implementations. We advise to stick to one of these three methods as these are very common en well supported. But maybe there is a good reason to use other methods under some circumstances.

Testing before and after account set up

If you decide to set up a VPN, it is important to check if it is working at all. The best way to do that is to check before and after the set up. Before setting up the connection, the "world" will see you from the location where you really are. This can be simply checked on:

http://whatismyipaddress.com/ (Make sure you spell this correctly)

Although this page is a little commercial, it does do a nice job in displaying your external IP address and the location where you are. Please note, this location is not necessarily your exact location, but in most cases at least the country should be correct.

After you have set up your connection, you can visit this page again. Then it should display a different location: the location where your VPN-provider is located.

  1. Before setting up a VPN, this site returns that we are in Berlin (Germany), which is correct: we are in Berlin.
  2. After have set up the VPN, the site tells us that we moved to the Netherlands, which is correct: that is where our VPN-provider is located. People in Berlin won't be able to sniff our connection.

Setting up your account

In the following chapters some examples are given for setting up an account. These manuals mostly cover LT2P/PPTP like connections. If you want to use OpenVPN on Windows or MacOSX, have look at:

http://openvpn.se (Windows interface)

http://code.google.com/p/tunnelblick/ (MacOSX interface)